Security Audit

intercom

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

intercom received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Private keys exposed via TTY command, Broad command execution via SC-Bridge CLI mirroring.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Shell Execution

2 findings

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Private keys exposed via TTY command The skill describes the `/get_keys` TTY command which "Print public/private keys (sensitive)". The SC-Bridge protocol allows agents to execute "every TTY command" via the `cli` message type (`{ "type": "cli", "command": "/get_keys" }`). If an agent is compromised or maliciously prompted, it could use this mechanism to exfiltrate its own private keys. The skill explicitly warns about this risk, stating "Only enable CLI when fully trusted." Implement granular access control for SC-Bridge commands. Do not allow the `cli` command type to execute sensitive commands like `/get_keys` or `/exit` without explicit, human-confirmed authorization. Alternatively, remove `/get_keys` from the TTY interface or ensure it's only accessible in a highly secure, non-automated context.	LLM	SKILL.md:199
HIGH	Broad command execution via SC-Bridge CLI mirroring The SC-Bridge protocol, when enabled with `--sc-bridge-cli 1`, allows agents to execute "every TTY command" and "any custom commands you add in `protocol.js`" via the `cli` message type. This grants the agent extremely broad control over the Intercom peer, including sensitive operations like `/exit` (stopping the peer) and `/get_keys` (exfiltrating private keys). While the skill warns about this ("Only enable CLI when fully trusted."), the capability itself represents an excessive permission model for an automated agent if not carefully restricted. Implement a whitelist or fine-grained access control for commands executable via SC-Bridge's `cli` interface, especially when `--sc-bridge-cli 1` is enabled. Do not allow execution of critical system commands or credential-revealing commands without explicit, human-level authorization or a highly restricted context.	LLM	SKILL.md:300

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5fc4a39b00baafc1.svg)](https://skillshield.io/report/5fc4a39b00baafc1)